Task 2: What does the base said?
Can you decode the following? VEhNe2p1NTdfZDNjMGQzXzdoM19iNDUzfQ==
Feed me the flag!
We can decode the flag using the base64 utility.
Copy $ echo "VEhNe2p1NTdfZDNjMGQzXzdoM19iNDUzfQ==" | base64 -d
THM{ju57_d3c0d3_7h3_b453} Answer
Copy THM{ju57_d3c0d3_7h3_b453}
Task 3: Meta meta
I'm hungry, I need the flag.
The name of the task hints us that the flag might be in the image metadata.
We can extract this metadata using exiftool.
Copy $ exiftool Findme.jpg
ExifTool Version Number : 12.44
File Name : Findme.jpg
Directory : .
File Size : 35 kB
File Modification Date/Time : 2023:12:09 10:26:58+05:30
File Access Date/Time : 2023:12:09 10:26:58+05:30
File Inode Change Date/Time : 2023:12:09 10:27:26+05:30
File Permissions : -rw-r--r--
File Type : JPEG
File Type Extension : jpg
MIME Type : image/jpeg
JFIF Version : 1.01
X Resolution : 96
Y Resolution : 96
Exif Byte Order : Big-endian (Motorola, MM)
Resolution Unit : inches
Y Cb Cr Positioning : Centered
Exif Version : 0231
Components Configuration : Y, Cb, Cr, -
Flashpix Version : 0100
Owner Name : THM{3x1f_0r_3x17}
Comment : CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 60.
Image Width : 800
Image Height : 480
Encoding Process : Progressive DCT, Huffman coding
Bits Per Sample : 8
Color Components : 3
Y Cb Cr Sub Sampling : YCbCr4:2:0 (2 2)
Image Size : 800x480
Megapixels : 0.384 Answer
Task 4: Mon, are we going to be okay?
It is sad. Feed me the flag.
Sometimes other data or files can be hidden inside of JPG files.
We can use steghide to extract these hidden files.
Copy $ steghide extract -sf Extinction.jpg
Enter passphrase:
wrote extracted data to "Final_message.txt". Let's read the Final_message.txt file.
Copy $ cat Final_message.txt
It going to be over soon. Sleep my child.
THM{500n3r_0r_l473r_17_15_0ur_7urn} Answer
Copy THM{500n3r_0r_l473r_17_15_0ur_7urn}
Task 5: Erm......Magick
Huh, where is the flag?
Did you find the flag?
If we just select the task string, we will see the flag.
Answer
Task 6: QRrrrr
More flag please!
The image we have is a QR code.
In order to extract the flag, we can use the ZXing Decoder.
Answer
Copy THM{qr_m4k3_l1f3_345y}
Task 7: Reverse it or read it?
Found the flag?
For this challenge we are given an executable file.
Copy $ file hello.hello
hello.hello: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=02900338a56c3c8296f8ef7a8cf5df8699b18696, for GNU/Linux 3.2.0, not stripped We can check the strings inside the file using the strings command.
Copy $ strings hello.hello
/lib64/ld-linux-x86-64.so.2
libc.so.6
puts
printf
__cxa_finalize
__libc_start_main
GLIBC_2.2.5
_ITM_deregisterTMCloneTable
__gmon_start__
_ITM_registerTMCloneTable
u/UH
[]A\A]A^A_
THM{345y_f1nd_345y_60}
-- snip --; Answer
Copy THM{345y_f1nd_345y_60}
Task 8 Another decoding stuff
Can you decode it? 3agrSy1CewF9v8ukcSkPSYm3oKUoByUpKG4L
Oh, Oh, Did you get it?
We can use the Magic function from CyberChef to decode the flag.
Answer
Copy THM{17_h45_l3553r_l3773r5}
Task 9 Left or right
Left, right, left, right... Rot 13 is too mainstream. Solve this MAF{atbe_max_vtxltk}
Let's use the Rot13 function with the amount set to 7.
Answer
I'm hungry now... I need the flag
Answer
Copy THM{4lw4y5_ch3ck_7h3_c0m3mn7}
Task 11: Can you fix it?
I accidentally messed up with this PNG file. Can you help me fix it? Thanks, ^^
Let's check the hash dump of the PNG file.
Copy $ xxd spoil.png | head
00000000: 2333 445f 0d0a 1a0a 0000 000d 4948 4452 #3D_........IHDR
00000010: 0000 0320 0000 0320 0806 0000 00db 7006 ... ... ......p.
00000020: 6800 0000 0173 5247 4200 aece 1ce9 0000 h....sRGB.......
00000030: 0009 7048 5973 0000 0ec4 0000 0ec4 0195 ..pHYs..........
00000040: 2b0e 1b00 0020 0049 4441 5478 9cec dd79 +.... .IDATx...y
00000050: 9c9c 559d eff1 cf79 9e5a bb7a 5f92 7477 ..U....y.Z.z_.tw
00000060: f640 4802 0920 1150 c420 bba2 88a8 805c .@H.. .P. .....\
00000070: 1906 7c5d 64c0 79e9 752e 03ce 38e3 0e8e ..|]d.y.u...8...
00000080: 2f75 e63a 23ea 8c0c e830 8e03 6470 c191 /u.:#....0..dp..
00000090: cd80 880c 4b20 0909 184c 42b6 4ed2 e9f4 ....K ...LB.N... So the first 4 characters are wrong. In a PNG file the first 4 characters should be 89 50 4E 47 as shown in this image:
Let's use hexedit to fix the bytes.
We should now be able to view the image.
Task 12 Read it
Did you found the hidden flag?
For this question, we have to perform some Google dorking.
Enter the following text in the search bar and click on the first link:
Copy site:reddit.com/[r/tryhackme](https://www.reddit.com/r/tryhackme/) intext:THM{*} Answer
Copy THM{50c14l_4cc0un7_15_p4r7_0f_051n7}
Task 13: Spin my head
What is this?++++++++++[>+>+++>+++++++>++++++++++<<<<-]>>>++++++++++++++.------------.+++++.>+++++++++++++++++++++++.<<++++++++++++++++++.>>-------------------.---------.++++++++++++++.++++++++++++.<++++++++++++++++++.+++++++++.<+++.+.>----.>++++.
Can you decode it?
The text is encrypted using Brainfuck.
We can decode it using an online decoder.
Answer
Task 14: An exclusive!
Exclusive strings for everyone! S1: 44585d6b2368737c65252166234f20626d
S2: 1010101010101010101010101010101010
Did you crack it? Feed me now!
Since there are two strings, the possible decryption method is XOR.
Let's use an online decoder.
Answer
Task 15 Binary walk
Flag! Flag! Flag!
We have to extract the embedded files from the JPG file using binwalk.
Copy $ binwalk -e hell.jpg
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 JPEG image data, JFIF standard 1.02
30 0x1E TIFF image data, big-endian, offset of first image directory: 8
265845 0x40E75 Zip archive data, at least v2.0 to extract, uncompressed size: 69, name: hello_there.txt
266099 0x40F73 End of Zip archive, footer length: 22 We can now read the flag from the hello.txt file.
Copy $ cat _hell.jpg.extracted/hello_there.txt
Thank you for extracting me, you are the best!
THM{y0u_w4lk_m3_0u7} Answer
Task 16 Darkness
What does the flag said?
We have to first download stegsolve for this task using the following command:
Copy $ wget http://www.caesum.com/handbook/Stegsolve.jar -O stegsolve.jar
$ chmod +x stegsolve.jar
$ mkdir bin
$ mv stegsolve.jar bin/ We have to now move the dark.png image to the bin folder that we crated.
We are now ready to use stegsolve.
Copy $ java -jar stegsolve.jar
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true After opening the image using stegsolve, we have to go to Blue plane 1 to be able to see the flag.
Answer
Copy THM{7h3r3_15_h0p3_1n_7h3_d4rkn355}
Task 17: A sounding QR
How good is your listening skill? P/S: The flag formatted as THM{Listened Flag}, the flag should be in All CAPS
What does the bot said?
Let's decode the QRCTF.png file using Zxing.
We are given a Soundcloud link as the result.
The audio tells us that the flag is soundingqr.
Answer
Task 18: Dig up the past
Sometimes we need a 'machine' to dig the past Targetted website: https://www.embeddedhacker.com/ Targetted time: 2 January 2020
For this one we have to use the Wayback Machine.
Let's look at the snapshot created on January 2, 2020.
Answer
Copy THM{ch3ck_th3_h4ckb4ck}
Task 19: Uncrackable!
Can you solve the following? By the way, I lost the key. Sorry >.<
MYKAHODTQ{RVG_YVGGK_FAL_WXF} Flag format: TRYHACKME{FLAG IN ALL CAP}
The deciphered text
In this task, we have to use the # Vigenère cipher.
Answer
Copy TRYHACKME{YOU_FOUND_THE_KEY}
Task 20: Small bases
Decode the following text. 581695969015253365094191591547859387620042736036246486373595515576333693
What is the flag?
We simply have to convert it from Decimal to Hexadecimal to ASCIII.
Hexadecimal
Copy 54484D7B31375F6A7535375F346E5F307264316E3472795F62343533357D Answer
Copy THM{17_ju57_4n_0rd1n4ry_b4535}
Task 21: Read the packet
Did you captured my neighbor's flag?
We have to open the PCAP using Wireshark and set the following filter:
That filters for the HTTP packets.
We can find the flag in packet 1827.
Answer
